June 15, 2026

Why the U.S. Government Pulled the Plug on Claude Fable 5 and Mythos 5

Artificial Intelligence AI Policy National Security

On a Friday afternoon in June 2026, one of the most powerful AI models on Earth simply went dark. Three days earlier, on June 9, Anthropic had publicly released Claude Fable 5 — its newest, most capable model — along with a more powerful, restricted sibling called Claude Mythos 5. Then, at 5:21 p.m. Eastern on June 12, the U.S. government issued an export-control directive, and Anthropic had to switch both models off for every customer in the world, all at once — including the millions reaching them through Amazon's cloud. The company's note was short and a little stunned: "We apologize for this disruption to our customers and are working to restore access as soon as possible."

It wasn't a hack. It wasn't an outage. The models worked perfectly. They were switched off by a government decision — and the story of why is part technical, part political, and genuinely contested. This is a plain-English walk through what happened, what the government said, what Anthropic said back, and the months-long fight with the Trump administration — including the day Anthropic got thrown out of federal systems — that set the whole thing up.

A note up front, because it matters: a lot of what we know about the government's reasoning comes from Anthropic's own statement. The government never published its rationale in detail. Where a fact is Anthropic's characterization, or comes only from secondary reporting, this article says so.

What Fable 5 and Mythos 5 actually are

To understand the recall, you have to understand what got recalled, because these two models are unusual.

Anthropic calls them "Mythos-class" — a tier it says sits above its Opus models in raw capability. Both descend from a system Anthropic had been previewing with trusted partners since the spring. What made that preview notable wasn't chat fluency; it was autonomous offensive-security skill. In research published around April 7, 2026, Anthropic reported that its own engineers — with no formal security training — asked the preview model to find remote-code-execution vulnerabilities overnight and "woke up the following morning to a complete, working exploit." It said the model autonomously found and exploited a 17-year-old root vulnerability in FreeBSD. Anthropic framed this as "a substantial leap … one that warrants substantial coordinated defensive action across the industry."

Hold that April quote. It becomes important later, because in June Anthropic argued almost the opposite.

Here's the single most-misreported fact of the whole affair: Fable 5 and Mythos 5 are the same underlying model. The only difference is the safeguards.

  • Claude Fable 5 is the public version. When its classifiers detect a request touching offensive cybersecurity (exploits, malware, attack tooling), biology and chemistry, or model "distillation," it doesn't answer with the frontier model — it quietly routes the response to the older, safer Claude Opus 4.8, and tells the user. Anthropic says more than 95% of Fable sessions never trigger that fallback at all.
  • Claude Mythos 5 is the same model with the safeguards lifted. It was never public — it went only to a small set of vetted partners under a cybersecurity program Anthropic calls Project Glasswing, marketed for serious work like vulnerability discovery and biodefense screening.

In other words, the safeguards are the product distinction. Fable 5 is the model with the brakes on; Mythos 5 is the model with the brakes off, for a handful of trusted hands.

What the government said: the jailbreak

Officially, this was about a jailbreak — a way to trick Fable 5 past its safeguards.

According to Anthropic, the government gave it only verbal evidence of "a potential narrow, non-universal jailbreak," which "essentially consists of asking the model to read a specific codebase and fix any software flaws." Anthropic says it reviewed a demonstration in which the technique surfaced only "a small number of previously known, minor vulnerabilities," all "relatively simple," which "other publicly-available models are able to discover … as well without requiring a bypass."

That's Anthropic's account. But the government did speak for itself in one important place. David Sacks, the administration's AI czar, said publicly and by name that the government had warned Anthropic that Fable 5 was jailbroken, that CEO Dario Amodei refused to fix the flaw or pull the model, and that the administration acted "reluctantly" only after that refusal. Sacks said the restriction would lift "once the jailbreak is patched," and that "the ball is in Anthropic's court." That reframes the official story from "we yanked it over a trivial bug" to "we told them to fix it, they wouldn't, so we acted."

And within a day or two, the missing piece filled in. Reporting (Fortune, Axios, Semafor) identified the entity that demonstrated the jailbreak as Amazon — Anthropic's commercial rival and one of its largest investors. Amazon CEO Andy Jassy reportedly flagged it to Treasury Secretary Scott Bessent; the formal directive came as a letter from Commerce Secretary Howard Lutnick to Amodei. So the trigger for a national-security recall of a frontier model was a competitor-investor with an obvious interest in that model going dark — escalated through political appointees, not a neutral technical body.

What Anthropic said back — and the contradiction it can't escape

Anthropic's public defense rests on three points:

  1. It's commoditized. "The level of capability displayed there is widely available from other models (including OpenAI's GPT-5.5)."
  2. It's legitimate. The capability "is used every day by the defenders who keep systems safe." Reading code to find flaws is the core of defensive security work.
  3. The precedent is dangerous. "If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers."

All three are reasonable. All three are also self-serving — and the deepest problem is that the third one collides with Anthropic's own April research. In April, Anthropic told the world this class of model was a dangerous "substantial leap" needing industry-wide coordination. In June, it told the world the same capability was ordinary and nothing to recall a model over. The most charitable reconciliation — and it's a real one — is that the model genuinely is more capable, but the specific jailbreak the government cited was trivial. Still: the government essentially took Anthropic at its April word, and Anthropic spent June arguing the opposite.

Who got hurt

Because you cannot filter "foreign nationals" out of a live global API in real time, the directive's narrow target produced a blunt result. Affected:

  • Every Fable 5 and Mythos 5 customer worldwide — U.S. citizens included, as collateral.
  • All foreign nationals, inside and outside the United States.
  • Anthropic's own non-citizen employees — barred from their employer's own model.
  • Amazon Bedrock / AWS users of the two models.
  • Project Glasswing partners running Mythos 5.

Everything else — Opus 4.8, Sonnet, Haiku — stayed online. And notice the shape of the order: it treats access to a deployed model as a controlled export, like a weapon or a controlled chip design, reaching even a U.S. company's U.S.-based staff. As far as the reporting shows, that scope is unprecedented.

How Anthropic got thrown out of government first

The recall didn't come out of nowhere. It was an escalation in a fight that had already gone nuclear three and a half months earlier.

In late February 2026, the Defense Department wanted Anthropic to remove the usage restrictions that limited military use of Claude. The reported sticking points: mass domestic surveillance and fully autonomous weapons systems. Amodei refused, saying the company "could not accede to the request in good conscience."

The retaliation was swift and total. Around February 27–28:

  • President Trump directed every federal agency to "immediately cease" using Anthropic products, with a six-month phase-out.
  • Defense Secretary Pete Hegseth designated Anthropic a "supply-chain risk to national security," declaring that "no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic." That isn't canceling a contract — it's trying to make a company radioactive to the entire defense industrial base. A reported $200 million Pentagon contract was terminated.

This sat atop a year of friction. Tensions had simmered since early 2025 over AI regulation and chip-export policy, with administration officials reportedly deriding Claude as "woke AI" and calling Amodei an "ideological lunatic."

By March, the purge had spread across the civilian government:

  • Treasury dropped Claude. Secretary Scott Bessent: "The American people deserve confidence that every tool in government serves the public interest." (The same Bessent who, three months later, would be the conduit for Amazon's jailbreak report.)
  • The State Department removed Anthropic and migrated from Claude to OpenAI's GPT-4.1 — a switch that reportedly left its replacement chatbot's knowledge over a year out of date.
  • Health and Human Services, which had only rolled Claude out to staff in December 2025, began ripping it out and steering employees to ChatGPT Enterprise and Google Gemini.
  • The GSA pulled Anthropic from its procurement schedules and the USAi.gov program.

The execution was chaotic. Weeks after the directive, agencies still had little formal guidance — in places, little more than a Trump social-media post to act on. One AI advisor summed it up: "It's a lot of complicated questions that nobody really knows the answer to." At HHS, staff reportedly got only a few hours to save their work before the tool vanished. And around the same time, the Senate's IT leadership approved Google Gemini, OpenAI's ChatGPT, and Microsoft Copilot for official use — pointedly leaving Claude off the list.

How the two halves connect

The press has tended to bundle the February–March ejection and the June recall into one story. Be careful there: officially they're separate actions — one a procurement and usage-policy fight, the other an export-control move over a specific vulnerability. A documented causal line from the feud to the recall isn't on the public record.

But the hard links are real. Both came from the same executive branch, under the same president, in one four-month window. Treasury Secretary Bessent appears in both. February established Anthropic as a national-security problem (Hegseth's "supply-chain risk"); June applied national-security authority against Anthropic's product — the framing was pre-built. And the June trigger came from a rival-investor, routed through political appointees rather than career technical staff.

So the most defensible read is this: the two events are legally separate, but they share an actor, a cast, a posture, and a target. The recall didn't need the feud to be justified — but the feud is indispensable to understanding why this company's model, and only this company's, got pulled over a capability the government concedes (by Anthropic's account) is available elsewhere.

So — was it justified?

Honestly, the public facts support both readings at once, which is exactly why it's contested.

The case that it was a genuine concern: Anthropic itself called this class of model a dangerous leap. A sophisticated firm (Amazon) escalated a concrete finding. A model that can autonomously find and weaponize software flaws — even occasionally — is a legitimate proliferation worry, and for 72 hours the public version had no foreign-access gate at all.

The case that it was disproportionate, and shadowed by politics: the evidence was verbal only; the jailbreak was "narrow" and surfaced only minor, already-known bugs; the same capability is "widely available from other models" — yet only Anthropic's model was pulled; the scope (banning a U.S. firm's own employees) is unprecedented; the trigger came from a rival with a motive; and the administration had already spent four months trying to push Anthropic out of government.

What can be said cleanly: the action was legally novel, thin on public evidence, single-vendor in its effect, and taken against a company the administration was already at war with. Whether that adds up to prudence or punishment is the open question of the whole affair.

What's still uncertain

This story is days old and moving fast — treat these as open:

  • Has access been restored? Anthropic said it was working on it; Sacks framed restoration as conditional on a patch. Status unconfirmed.
  • What's the actual legal instrument? Anthropic calls it an "export-control directive"; reporting points to Commerce/Lutnick. Whether there's a published rule or letter — and how export law was stretched to cover U.S.-based foreign-national employees — is unclear.
  • How dangerous is the capability really? Skeptics (including security expert Bruce Schneier, who called the April demo a "marketing stunt") argue cheaper models find the same bugs and that detecting a flaw isn't exploiting one.
  • One unverified wrinkle: at least one outlet reported a "Chinese group had reportedly accessed the model." That's single-source and uncorroborated — don't repeat it as fact, but it's worth watching, because if true it would materially strengthen the government's case.

Why this lands on a small-business blog

We don't normally cover Washington here. We're covering this because the lesson underneath it is the one we tell clients constantly: the tools your business runs on can be switched off by decisions you have no part in. A frontier AI model used by hundreds of millions was pulled worldwide in hours — and the State Department spent its week migrating to a different model with stale data, while HHS staff had hours to save their work. That's the same risk every owner now carries when an AI tool becomes load-bearing.

The takeaway isn't "fear AI" — it's to keep the things that are yours (your data, your process, your workflows) on systems you actually control, so AI is a powerful, swappable engine plugged into your business as one connected system rather than the whole foundation. If you want to think through where your own exposure is, talk to us about your own setup.

Frequently asked questions

Why did the U.S. government ban Claude Fable 5 and Mythos 5? Officially, over a security concern: the government said it had been shown a "jailbreak" that let Fable 5 bypass its safeguards and surface information useful for cyberattacks (essentially, asking it to read a codebase and find flaws). It issued an export-control directive on June 12, 2026 barring foreign-national access, which forced Anthropic to disable both models worldwide. AI czar David Sacks said the administration acted only after Anthropic declined to patch or pull the model. Anthropic disputes the severity, calling it a narrow jailbreak that surfaced only minor, already-known bugs.

What's the difference between Claude Fable 5 and Mythos 5? They're the same underlying model. Fable 5 is the public version with safety guardrails — when it detects high-risk requests (cyber, bio/chem, distillation) it routes the answer to the older, safer Claude Opus 4.8. Mythos 5 is the same model with those guardrails lifted, restricted to a small set of vetted partners. The safeguards are the only real difference.

Did the U.S. government also remove Claude from its own agencies? Yes — earlier, and separately. In late February 2026, after Anthropic refused to let the Pentagon use Claude for mass surveillance and fully autonomous weapons, the Trump administration ordered all federal agencies to stop using Anthropic, and Defense Secretary Pete Hegseth labeled the company a "supply-chain risk." Treasury, State, HHS, and the GSA dropped Claude over the following weeks, and the Senate approved competitors (Gemini, ChatGPT, Copilot) instead. The June export-control suspension and this earlier ejection are legally separate actions, but they come from the same administration during the same conflict.

Was the suspension justified? It's genuinely contested, and the public record doesn't settle it. There's a real capability concern (Anthropic itself called this class of model a dangerous leap) and real signs of disproportion (verbal-only evidence, a "narrow" jailbreak, the same capability available from rivals, and an unprecedented scope reaching a U.S. company's own employees) — against the backdrop of a months-long feud. Both readings fit the confirmed facts.

Who was affected by the shutdown? Everyone using Fable 5 or Mythos 5 worldwide — including U.S. citizens caught as collateral, all foreign nationals, Anthropic's own non-citizen employees, Amazon Bedrock/AWS users, and Project Glasswing partners. All of Anthropic's other models stayed online.